Reversecore_mcp
@sjkim1127
A security-first MCP server that empowers AI agents to perform automated reverse engineering, malware analysis, forensics, vulnerability research, and SAST — powered by Radare2, YARA, LIEF, Capstone, and more.
Overview
What is Reversecore_MCP?
Reversecore_MCP is an enterprise-grade Model Context Protocol server that transforms AI assistants like Claude and Cursor into expert-level security research workstations. It integrates 50+ analysis tools across static analysis, dynamic triage, malware analysis, vulnerability research, SAST, digital forensics, and reporting.
How to use Reversecore_MCP?
Run the Docker container (recommended) or build from source, then connect any MCP-compatible AI client via stdio or HTTP/SSE transport. Configure workspace and environment variables as needed.
Key features of Reversecore_MCP
- 50+ tools for static, dynamic, malware, and forensic analysis
- Natural language interface – describe tasks, server invokes tools
- Guided analysis prompts with expert personas and Chain-of-Thought
- MITRE ATT&CK technique mapping with evidence classification
- Persistent AI memory store via async SQLite
- Built-in security model with input sanitization and path validation
Use cases of Reversecore_MCP
- Malware triage and IOC extraction with automated reporting
- Vulnerability research using symbolic execution and binary diffing
- Digital forensics on memory dumps, disk images, and network captures
- Firmware analysis for IoT/embedded devices
- Source code auditing for Python, C, and C++ projects
FAQ from Reversecore_MCP
What are the runtime requirements?
Python 3.10–3.12, or Docker. Underlying tools include Radare2, r2ghidra, YARA, LIEF, Capstone, Volatility3, and others – all bundled in the Docker image.
How does it connect to AI clients?
Via the Model Context Protocol over stdio or HTTP/SSE. Any MCP-compatible client (e.g., Claude, Cursor) can use it.
What analysis tools are included?
Over 50 tools across seven categories: static analysis, disassembly/decompilation, cross-referencing, dynamic/symbolic analysis, malware detection, session reporting, and digital forensics.
Is there a security model?
Yes – the server includes input sanitization, path validation, a Radare2 connection pool, and a resilience layer with retry/circuit-breaker patterns.
Can I generate reports with MITRE ATT&CK mapping?
Yes – use create_analysis_report with modes like full, triage, ioc_summary, or executive, and map techniques via add_session_mitre.